
Antivirus (EDR) detection and reporting

Updated yesterday

It is crucial for the safety of your machine to have Anti-Virus (AV) software installed and in use. You should inquire with your IT administrator about the preferred AV solution for your organization. Swif is capable of detecting and updating a range of AV software for external compliance automation platforms like Vanta and Drata. If you are utilizing a different AV software, please contact your admin to have it included as an approved option.

Antivirus Software:

| Software | Platform |
|---|---|
| Avast | Mac/Windows/Linux |
| Avira | Mac/Windows |
| Bitdefender | Mac/Windows/Linux |
| ClamAV | Mac/Windows/Linux |
| Comodo Antivirus | Mac/Windows |
| Coro | Mac/Windows/Linux |
| CrowdStrike | Mac/Windows/Linux |
| Cybereason AntiVirus | Mac/Windows |
| Cylance Endpoint Security | Mac/Windows/Linux |
| Datto | Mac/Windows/Linux |
| ESET Security | Mac/Windows/Linux |
| Falcon | Mac/Windows/Linux |
| FortiClient | Mac/Windows/Linux |
| Intego | Mac/Windows |
| Jamf Protect | Mac/Windows |
| Kaspersky AntiVirus | Mac/Windows |
| Malwarebytes | Mac/Windows/Linux |
| McAfee AntiVirus | Mac/Windows/Linux |
| Microsoft Defender / Windows Defender | Mac/Windows/Linux |
| NANO Antivirus | Mac/Windows |
| Norton AntiVirus | Mac/Windows |
| SentinelOne | Mac/Windows/Linux |
| Sophos | Mac/Windows/Linux |
| Symantec | Mac/Windows/Linux |
| Total Defense Essential Anti-Virus | Mac/Windows |
| Trend Micro | Mac/Windows/Linux |
| VMware Carbon Black | Mac/Windows/Linux |
| Webroot AntiVirus | Mac/Windows |
| XProtect, a built-in macOS antivirus | Mac/Windows |
| ZoneAlarm | Mac/Windows |



Linux Antivirus Path Whitelist

On Linux devices, the Swif agent detects installed antivirus or endpoint protection tools by checking for known binaries or services located at standard installation paths.

The following whitelist defines the common executable paths used to identify supported antivirus and EDR solutions.

{
  "avast": [
    "/usr/bin/avast",
    "/usr/local/bin/avast"
  ],
  "avscanner": [
    "/opt/sophos-spl/plugins/av/bin/avscanner"
  ],
  "bitdefender": [
    "/opt/bitdefender-security-tools/bin/bd"
  ],
  "clambc": [
    "/usr/bin/clambc",
    "/usr/local/bin/clambc"
  ],
  "clamconf": [
    "/usr/bin/clamconf",
    "/usr/local/bin/clamconf"
  ],
  "clamdscan": [
    "/usr/bin/clamdscan",
    "/usr/local/bin/clamdscan"
  ],
  "clamdtop": [
    "/usr/bin/clamdtop",
    "/usr/local/bin/clamdtop"
  ],
  "clamscan": [
    "/usr/bin/clamscan",
    "/usr/local/bin/clamscan"
  ],
  "clamsubmit": [
    "/usr/bin/clamsubmit",
    "/usr/local/bin/clamsubmit"
  ],
  "coro-agent": [
    "/usr/bin/coro-agent",
    "/usr/local/bin/coro-agent"
  ],
  "cylance": [
    "/usr/bin/cylance",
    "/usr/local/bin/cylance"
  ],
  "datto": [
    "/user/bin/dbctl",
    "/usr/sbin/dlad"
  ],
  "eset": [
    "/opt/eset/efs/sbin/startd"
  ],
  "falcon-sensor": [
    "/usr/bin/falcon-sensor",
    "/usr/local/bin/falcon-sensor",
    "/opt/CrowdStrike/falcon-sensor"
  ],
  "forticlient": [
    "/opt/forticlient/fctsched",
    "/opt/forticlient/firewall"
  ],
  "mblinux": [
    "/usr/bin/mblinux",
    "/usr/local/bin/mblinux"
  ],
  "mbdaemon": [
    "/usr/bin/mbdaemon",
    "/usr/local/bin/mbdaemon"
  ],
  "mcafee": [
    "/opt/McAfee/ens/tp/bin/mfetpcli"
  ],
  "microsoft-defender": [
    "/opt/microsoft/mdatp/sbin/wdavdaemon"
  ],
  "sentinelone": [
    "/opt/sentinelone/bin/sentinelctl"
  ],
  "symantec": [
    "/opt/Symantec/symantec_antivirus/sav"
  ],
  "trendmicro": [
    "/etc/init.d/dsm_s",
    "/etc/init.d/ds_agent"
  ],
  "vmware-carbon-black": [
    "/opt/bit9/bin/b9cli"
  ]
}

If Swif doesn’t detect an installed antivirus automatically, it’s possible the binary path is different from the default ones listed above.


How Detection Works

The Swif agent checks for the presence of these binaries during device scans. If a matching executable is found on the system, the corresponding antivirus or EDR solution will be reported in the Security / Antivirus status section of the device record.

This allows administrators to:

  • Verify that endpoint protection is installed

  • Monitor antivirus deployment across Linux fleets

  • Ensure compliance with security policies


Notes

  • Detection relies on standard installation paths used by most vendors.

  • If an antivirus solution is installed in a custom directory, it may not be automatically detected.

  • Some security products run multiple services; detection may rely on the primary CLI or daemon binary.


Submitting Custom Antivirus Paths for Linux

If your organization uses an antivirus solution that is installed in a custom directory, you can send the installation path to the Swif team for whitelisting.
To find your antivirus installation path, use the commands below and share the results with Swif support.

Step 1 — Check if the service exists

sudo systemctl status {appName}

Step 2 — Check for desktop entries

ls /usr/share/applications | grep {appName}
ls /usr/local/share/applications | grep {appName}
ls ~/.local/share/applications | grep {appName}

Step 3 — Check for binary location

ls /usr/bin | grep {appName}
ls /usr/local/bin | grep {appName}

Tip: Replace {appName} with your antivirus process or service name (for example, falcon-sensor, clamscan, or bitdefender).
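
The path check described under How Detection Works and the lookup in Steps 2 and 3, as an added shell example (not Swif's agent code). It covers a subset of the whitelist; AV_ROOT, detect_av and find_av_paths are hypothetical names, and the executable/present column is an addition beyond the presence check the article describes.

```shell
#!/bin/sh
# Added example, not Swif agent code. AV_ROOT is a hypothetical prefix so the
# checks can be run against a constructed directory tree instead of "/".

# Subset of the whitelist above, one "name:path" pair per line.
AV_PATHS='falcon-sensor:/usr/bin/falcon-sensor
falcon-sensor:/usr/local/bin/falcon-sensor
falcon-sensor:/opt/CrowdStrike/falcon-sensor
clamscan:/usr/bin/clamscan
clamscan:/usr/local/bin/clamscan
microsoft-defender:/opt/microsoft/mdatp/sbin/wdavdaemon
sentinelone:/opt/sentinelone/bin/sentinelctl'

# Print "name<TAB>path<TAB>state" for every whitelisted path that exists.
# state is "executable" for a regular executable file, otherwise "present",
# since a bare path match does not show that protection can actually run.
# Returns 1 when no whitelisted path exists.
detect_av() {
    root="${AV_ROOT:-}"
    rc=1
    while IFS=: read -r name bin; do
        [ -e "$root$bin" ] || continue
        state=present
        if [ -f "$root$bin" ] && [ -x "$root$bin" ]; then state=executable; fi
        printf '%s\t%s\t%s\n' "$name" "$bin" "$state"
        rc=0
    done <<EOF
$AV_PATHS
EOF
    return "$rc"
}

# Steps 2 and 3 in one pass: print the full path of every entry whose name
# contains $1 in the directories the article lists.
find_av_paths() {
    root="${AV_ROOT:-}"
    for dir in /usr/share/applications /usr/local/share/applications \
        "$HOME/.local/share/applications" /usr/bin /usr/local/bin; do
        for entry in "$root$dir"/*"$1"*; do
            if [ -e "$entry" ]; then printf '%s\n' "${entry#"$root"}"; fi
        done
    done
}

detect_av || echo "no whitelisted antivirus path found"
```

A product that find_av_paths locates but detect_av does not report is installed outside the listed paths, which is the case the custom-path submission covers.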


Why This Matters

Adding new antivirus paths to the whitelist ensures that Swif can:

  • Accurately detect and report the antivirus software installed on Linux devices.

  • Include the antivirus status in compliance and security reports.

  • Maintain visibility across heterogeneous Linux environments and distributions.


Example:
If you installed CrowdStrike Falcon Sensor in a non-standard directory such as /opt/crowdstrike/bin/falcon-sensor, simply provide that path to Swif Support.
After review and verification, it will be added to the whitelist for future automatic detection.
